fix broken links for build of Zeek, MITRE ATT&CK BZAR plugin

cisagov · Mar 19, 2020 · 77a7505 · 77a7505
1 parent fe7118f
commit 77a7505
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 20 deletions.
diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile
@@ -11,7 +11,7 @@ ENV ZEEK_SRC_DIR "${SRC_BASE_DIR}/zeek-${ZEEK_VERSION}"
 ENV ZEEK_PATCH_DIR "${SRC_BASE_DIR}/zeek-patches"
 ENV PATH="${ZEEK_DIR}/bin:${PATH}"
 
-ADD https://www.zeek.org/downloads/zeek-$ZEEK_VERSION.tar.gz $SRC_BASE_DIR/zeek.tar.gz
+ADD https://old.zeek.org/downloads/zeek-$ZEEK_VERSION.tar.gz $SRC_BASE_DIR/zeek.tar.gz
 ADD shared/bin/zeek_install_plugins.sh /usr/local/bin/
 
 RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \

diff --git a/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/sensor-iso/config/hooks/normal/0910-sensor-build.hook.chroot
@@ -6,7 +6,7 @@ NETSNIFF_VER="0.6.6"
 NETSNIFF_URL="https://github.com/netsniff-ng/netsniff-ng/archive/v$NETSNIFF_VER.tar.gz"
 
 ZEEK_VER="3.0.1"
-ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz"
+ZEEK_URL="https://old.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz"
 ZEEK_PATCH_URLS=(
   # nothing here for now
 )

diff --git a/sensor-iso/docs/Notes.md b/sensor-iso/docs/Notes.md
@@ -337,7 +337,7 @@ The following bash script was used to download, [build and install](https://docs
 #!/bin/bash
 
 ZEEK_VER="3.0.1"
-ZEEK_URL="https://www.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz"
+ZEEK_URL="https://old.zeek.org/downloads/zeek-$ZEEK_VER.tar.gz"
 ZEEK_PATCH_URLS=(
   # nothing here for now
 )

diff --git a/sensor-iso/interface/requirements.txt b/sensor-iso/interface/requirements.txt
@@ -8,7 +8,7 @@ idna==2.7
 itsdangerous==0.24
 Jinja2==2.10.1
 MarkupSafe==1.0
-psutil==5.6.0
+psutil==5.6.6
 python-dotenv==0.9.1
 requests==2.20.0
 six==1.11.0

diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh
@@ -67,6 +67,7 @@ function clone_github_repo() {
 
 # install Zeek packages that insatll nicely using zkg
 ZKG_GITHUB_URLS=(
+  https://github.com/0xxon/cve-2020-0601
   https://github.com/amzn/zeek-plugin-bacnet
   https://github.com/amzn/zeek-plugin-enip
   https://github.com/amzn/zeek-plugin-profinet
@@ -75,6 +76,7 @@ ZKG_GITHUB_URLS=(
   https://github.com/corelight/bro-community-id
   https://github.com/corelight/bro-xor-exe-plugin
   https://github.com/lexibrent/zeek-EternalSafety
+  https://github.com/mitre-attack/bzar
   https://github.com/salesforce/hassh
   https://github.com/salesforce/ja3
 )
@@ -83,22 +85,6 @@ for i in ${ZKG_GITHUB_URLS[@]}; do
   [[ -d "$SRC_DIR" ]] && zkg install --force --skiptests "$SRC_DIR"
 done
 
-# install Zeek packages that need to be copied manually
-MANUAL_COPY_GITHUB_URLS_AND_SCRIPT_PATHS=(
-  "https://github.com/mitre-attack/car|implementations/bzar/scripts|bzar"
-)
-for i in ${MANUAL_COPY_GITHUB_URLS_AND_SCRIPT_PATHS[@]}; do
-  URL="$(echo "$i" | cut -d'|' -f1)"
-  SCRIPT_SRC_SUBDIR="$(echo "$i" | cut -d'|' -f2)"
-  SCRIPT_DST_SUBDIR="$(echo "$i" | cut -d'|' -f3)"
-  SRC_DIR="$(clone_github_repo "$URL")"
-  if [[ -d "$SRC_DIR" ]] && [[ -d "$SRC_DIR"/"$SCRIPT_SRC_SUBDIR" ]]; then
-    PLUGIN_DIR="$ZEEK_SCRIPTS_DIR"/"$SCRIPT_DST_SUBDIR"
-    mkdir -p "$PLUGIN_DIR"
-    cp -v "$SRC_DIR"/"$SCRIPT_SRC_SUBDIR"/* "$PLUGIN_DIR"/
-  fi
-done
-
 # manual build processes that don't fit the other patterns
 
 SRC_DIR="$(clone_github_repo "https://github.com/salesforce/GQUIC_Protocol_Analyzer")"